On Wed, 4 Jan 2023 at 11:09, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> Over multiple kernel releases we have reworked setgid inheritance
> significantly due to long-standing security issues, security issues that
> were reintroduced after they were fixed, and the subtle and difficult
> inheritance rules that plagued individual filesystems. We have lifted
> setgid inheritance into the VFS proper in earlier patches. Starting with
> kernel v6.2 we have made setgid inheritance consistent between the write
> and setattr (ch{mod,own}) paths.
>
> The gist of the requirement is that in order to inherit the setgid bit
> the user needs to be in the group of the file or have CAP_FSETID in
> their user namespace. Otherwise the setgid bit will be dropped
> regardless of the file's executability. Change the tests accordingly
> and annotate them with the commits that changed the behavior.
>
> Note that only with v6.2 setgid inheritance works correctly for
> overlayfs in the write path. Before this the setgid bit was always
> retained.

Shouldn't the test ignore sgid without group execute instead?

It's not a security issue and expecting a certain value is not going to
help find real issues (e.g. in old distro kernels, where this test will
now start failing).

Yeah, doing that is more involved, but I do believe that it would be the
right way to go.

Thanks,
Miklos